cds-snc / notification-planning-core

Project planning for GC Notify Core Team

Update Certificate Authority for VPN #418

Closed ben851 closed 5 days ago

ben851 commented 2 months ago

Description

We received an alert from AWS:

"Description We are writing to make you aware of an issue with your server certificates. We found that your server certificate does not have an Authority Key Identifier (AKID) and that the same value is used for Subject and Issuer names. These issues mean your certificate is not conforming to RFC 5280 [1].

We plan to release a new Client VPN client on or about October 30, 2024, which will more strictly validate certificates. After this release, your server certificates will be classified as self-signed certificates, and any end users with the new AWS CVPN client will not be able to connect to your Client VPN endpoint. Additionally, certificates of this type will not be compatible on Client VPN endpoints in the future.

The affected resources are listed in your 'Affected resources' tab.

To avoid any issue with the planned software update, please update your server certificate to include an Authority Key Identifier (AKID) and to make sure the subject and issuer names are different. Should you need assistance, please reach out to AWS support [2]."

We need to redo the certificate authority for our VPN instances in all environments.

WHY are we building?

AWS requirement - must be done by Oct 30.

WHAT are we building?

Updating our AWS VPN CA to conform to spec

VALUE created by our solution

Continued connectivity to our environments.

Acceptance Criteria

QA Steps
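An added example, not part of this issue or the cds-snc repository: a bash/openssl script that issues a Client VPN server certificate the way the AWS notice requires (signed by a CA, carrying an Authority Key Identifier, with an Issuer that differs from the Subject) and a check that flags any PEM certificate failing either condition. The CA name "VPN Demo Root CA" and host "vpn.example.test" are placeholders.

```shell
# Added example, not code from the cds-snc repo: issue a Client VPN server
# cert the way AWS asks (CA-signed, carries an AKID, Issuer differs from
# Subject) and check any PEM cert for the two defects the alert names.
set -eu

# check_vpn_cert FILE: 0 if FILE has an Authority Key Identifier and its
# Subject differs from its Issuer; otherwise prints what failed and returns 1.
check_vpn_cert() {
  local cert="$1" subject issuer text ok=0
  subject=$(openssl x509 -in "$cert" -noout -subject)
  issuer=$(openssl x509 -in "$cert" -noout -issuer)
  text=$(openssl x509 -in "$cert" -noout -text)
  case "$text" in
    *"X509v3 Authority Key Identifier"*) ;;
    *) echo "FAIL: no Authority Key Identifier (AKID) in $cert"; ok=1 ;;
  esac
  if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
    echo "FAIL: Subject equals Issuer in $cert (treated as self-signed)"; ok=1
  fi
  return "$ok"
}
# make_demo_certs DIR: throwaway root CA (placeholder "VPN Demo Root CA") plus two
# certs for placeholder host vpn.example.test: bad.crt self-signed with no AKID
# requested (Subject == Issuer), server.crt CA-issued with SKID and AKID.
make_demo_certs() {
  local dir="$1" cnf="$1/x509.cnf"
  cat > "$cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
[bad_ext]
basicConstraints = CA:FALSE
[srv_ext]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -config "$cnf" -extensions ca_ext -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=VPN Demo Root CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -x509 -config "$cnf" -extensions bad_ext -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=vpn.example.test" -keyout "$dir/bad.key" -out "$dir/bad.crt" 2>/dev/null
  openssl req -new -config "$cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=vpn.example.test" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 365 -extfile "$cnf" -extensions srv_ext -out "$dir/server.crt" 2>/dev/null
}
```

Run `check_vpn_cert` against the server certificate currently uploaded to ACM for each environment before the cutover date; the function needs only the openssl CLI.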

ben851 commented 2 months ago

Added new VPN config to dev and staging yesterday. Production today.

Also created a new PR that allows us to automatically configure the VPN config file for GitHub Actions without any manual intervention.

P0NDER0SA commented 2 months ago

I'm going to review this PR today and hopefully it will get merged and things work!

ben851 commented 2 months ago

I had to merge this to get prod working but Jimmy had notes that I will action retroactively toda